Storage, Backup & Security (10)

What happens with my personal contact details?

At registration, you have to fill in your first tname and last name, company name and email address. We will never supply this information to third parties. We only may contact you by email or phone in response to your registration.  In our mailings, there is always to option to unsubscribe.

How do I know that my data is kept safe?

SpinOffice takes adequate organizational and technological measures to ensure the security and confidentiality of your personal information. We will process any personal data according to legislation in respect of the processing of personal data (such as the Personal Data Protection Act and the GDPR. SpinOffice does not share any information with third parties, except when required by law, or with explicit permission from you. We use Amazon Web Services (AWS) to host the application servers that are needed to run SpinOffice CRM. All client databases, email messages and files are securely saved and managed on AWS. The data centers that we use are located within the EU and our network is a private network to whom nobody else has access. Our virtual private network spans over two AWS data centers within one availability zone. This allows us to host our servers it two separate data centers. In case of a problem in one data center, the other one will pickup the load and users can continue to work. Our Pro databases are encrypted by a company key and any file that is stored in SpinOffice is stored encrypted. Our servers are monitored 24 hours a day. Our software and infrastructure regularly receives a new security update. Our network is protected by a top-level corporate firewall, and all SpinOffice databases use SSL encryption to keep your data safe. Visit the GDPR page on our website for more information and frequently asked questions from our customers regarding security, the GDPR and SpinOffice.

Are my messages sent via a secure connection?

Yes. SpinOffice even uses the TLS security protocol for sending your emails to and from specified domains and email addresses if possible. Transport Layer Security (TLS) is a security protocol that encrypts email for privacy. TLS prevents unauthorized access of email when it's in transit over internet connections. By default, SpinOffice always tries to use TLS when sending email. However, a secure TLS connection requires that both the sender and recipient use TLS. If the receiving server doesn't use TLS, SpinOffice still delivers messages, but the connection isn't secure. When composing a new message in SpinOffice, a padlock image on the right side in the gray top bar shows if the message will be sent with TLS. Click to check the TLS status of each recipient of your email: green padlock: all recipients use TLS, your email is sent encrypted. red padlock: none of the recipients use TLS, your email is not sent encrypted. orange padlock: some of the recipients use TLS, your email is sent encrypted to those recipients only.

Will there be backups created of my data?

We make backups of Pro and Enterprise databases. Limited databases are not backed up. Without having to do anything, we automatically make an external backup of your database according to a daily schedule. This backup contains all messages, files and contacts in your database. With a cloud backup your data is safely stored externally, this eliminates dangers such as fire and theft, hazards to which local backups are exposed to. In addition to the daily backup of your database, versions of files are continuously stored. SpinOffice keeps snapshots of all changes made to files in your SpinOffice database within the past 5 days. After that, we move your document to a backup server for the next 100 days.

For how long are deleted items from the database stored in a backup?

Contacts, documents, files If a user deletes contacts, documents or files, we will keep them for another 30 days. We do this so that we can restore any incorrectly deleted data at the request of a customer within a foreseeable period of time. After these 30 days, the deleted data will be automatically deleted. Email messages Deleted email messages will remain in the deleted folder for another 90 days, after which we will keep them in backup for another 90 days. After that, they will be permanently removed from our server. You can adjust the retention period for e-mail messages yourself. Go to the Auto-clean option in menu option Administration -> CRM Preferences. Read about the possibilities in chapter 16 All options in CRM preferences.

For how long my database will be stored?

Limited version After registration, we keep your free Limited database active for a minimum of 120 days. After a period of 120 days of not logging in, we delete the database and all data you have stored in it. Your email address can still be used for email purposes unless you have unsubscribed from our newsletter. Do you want to prevent the database from being deleted? Very simple, log in and the database will remain active for another 120 days. Do you want to delete the database before the 120 days has expired? Read this support article on how to do it yourself. Pro and Enterprise version Paid accounts will not be deleted as long as at least one Pro or Enterprise license is active. When all licenses have expired, the 120-day no-login period, as stated above, applies. All Limited, Pro, and Enterprise databases that have been deleted will be retained on one of our servers within Amazon Web Services for 30 days. After 30 days we will permanently delete your database and all data you have stored in it.

How to enable two-factor authentication in Pro?

Two-factor authentication (also known as two-step verification) is an optional but highly recommended security feature in a Pro-account. Once enabled, SpinOffice requires a six-digit security code in addition to your password when you sign in to your account. Enable two-factor authentication Sign in to SpinOffice. Go to menu option Administration -> CRM preferences -> Security. (If you don't have the CRM preferences option in Admin menu, you don't have the user right to access this. Please ask the 'super administrator' within your database) Tick 'Enable 2-factor authentication with Google Authenticator'. To enable 2FA for mobile app access, tick 'Also enable for mobile app access'. Click on 'Save' to close the preference screen. Note: it is an adjustment that applies to everyone! Two-step verification is now active on the next login for all users. Download Google Authenticator App Several mobile apps are available that will generate a unique time-sensitive security code but we advice you to use Google Authenticator to finish signing in to your SpinOffice account: Google Authenticator (available for Android/iPhone/BlackBerry) Initial login to SpinOffice with two-step verification Once you download the app, follow these steps to use the app for SpinOffice two-step verification: Sign in to SpinOffice. Enter your personal password (step 1). A QR code is shown. On your mobile phone, use the Google Authenticator App. Open the app and choose to add a new account. Use your phone's camera to scan the QR code on the login screen of SpinOffice. Enter the six-digit security code that the Google Authenticator app generates for you. Click on 'Validate' to enter SpinOffice (step 2). Recurrent logins to SpinOffice with two-step verification Sign in to SpinOffice. Enter your personal password. Enter the verification code that is shown for SpinOffice in the Google Authenticator App. Click on 'Validate' to enter SpinOffice. As long as you have your phone/Google Authenticator App, you can switch computers to login to SpinOffice; after you have entered the account password the verification code is shown. Need a new QR code? When you have a new phone, you will have to reset the QR code. Sign in to SpinOffice. Enter your personal password. Choose 'Reset QR by mail'. We will sent you an email with a link, please click on that link. SpinOffice will show you a new QR code that you can scan with the Google Authenticator App. Enter the new security code that the Google Authenticator app generates for you. Click on 'Validate' to enter SpinOffice. If you lose your phone and can't sign in with two-step verification, a colleagues with admin-rights can temporary turn off two-step verification for all users in the CRM preferences screen. Important: When two-factor authentication is activated, you can no longer log in with the option 'remember password'. It is also important to realize that you can no longer log in to SpinOffice without having your phone nearby.

How can I delete my SpinOffice database?

All free Limited databases are automatically deleted after 120 days of inactivity. Do not worry, we will inform you several times before we actually do this. When you are not satisfied with SpinOffice, or if you have found another solution, there is always the option to delete your database. Please note that deleting your database will affect all users; you do not delete your own user account, but the entire database including contacts, files, tasks and activities. The option to delete the database can be found under menu options Administration -> CRM Preferences and then the Delete tab. After providing some details, you can request to delete your database. We will verify your request and send you a confirmation email. You can still use SpinOffice for 30 days and you have the option to cancel the removal request during this period. Canceling your deletion request can also be done in this screen. After 31 days we delete the database including all contacts, files, tasks and activities.

How will data leaks be reported?

As mentioned in the Data Processing Agreement between the controller (you as the customer) and the processor (we), without unreasonable delay and no later than 24 hours after discovery, the processor shall notify the controller of a data breach via email to the controller’s contact person. SpinOffice is committed to cooperate with the controller to meet all the legal requirements in relation to the reporting to the Dutch Data Protection Authority. SpinOffice shall keep the controller informed of the progress of the internal investigation and the developments with regard to the data breach, and will keep the controller informed on the recently implemented security measures.

What does SpinOffice CRM do to be GDPR compliant?

We will process any personal data according to legislation in respect of the processing of personal data (such as the Personal Data Protection Act and the GDPR. SpinOffice does not share any information with third parties, except when required by law, or with explicit permission from you. Here are a number of measures that we offer you as a user to guarantee the security of your data and to increase the reliability of data. Data Processing Agreement When using SpinOffice CRM, our organization (Mulberry Garden B.V.) is the ‘processor’ of your data. In accordance with the upcoming GDPR legislation, it is required to conclude a ‘data processing agreement’ with all your processors. The data processing agreement is an agreement between the controller (you as the customer) and the processor (we), which specifies how the processor must deal with the personal data. The responsibility for having such an agreement lies with the 'controller', but we as processor have drawn up a processing agreement for you. This is signed by both of us and is immediately applicable. Do you want to conclude a processing agreement with us? Please contact us. Two-factor authentication on login In view of the GDPR we have upgraded our security with the introduction of two-factor authentication for SpinOffice CRM. This feature enables secure access to your account and ensures safety of your data and resources that reside in your SpinOffice account. When you log in to your average social networking site or app, you typically enter your username/email and password to access your account. This may be the single step taken by the website/app to verify your identity and grant access to your account. This is known as one-factor authentication. When you add another factor to this password-only authentication system, it is known as two-factor authentication (2FA). In such a setup, you are required to provide an additional piece of information to verify your identity. 2FA ensures that even if one of the factors have been compromised or leaked, the other factor keeps hackers/criminals from breaking into your account, thereby minimizing the risk of data theft. This is an option available in Pro and Enterprise. For more information, see the article How to enable two-factor verification in Pro? Periodic Pentest Although all data is stored encrypted, we periodically review our software to guarantee security. We do this by having a pen test performed by an external specialized agency Penetra Cyber Security. The purpose of a pentest is to gain insight into the risks and vulnerabilities of the examined system and to define improvements for the security - in other words, to combat the risks and vulnerabilities. Check out Storage, Backup & Security for more related articles about backups, security and data leaks.